<?
class database_connection{

  var $query_id;
	var $link;
  
  var $query_time = 0;
  var $begin = 0;
	var $eind = 0;
  
	function connect($location, $username, $password, $database){
		$this->link = mysql_connect($location, $username, $password) or die ("Could not Connect: ".mysql_error());
		mysql_select_db($database) or die ('Could not select database: '.mysql_error());
		Return true;
	}
	function query($query){
		$this->query_id = mysql_query($query, $this->link) or die ('Query failed: '.mysql_error());
		Return true;
	}
	function output(){
    $this->start();
		$array = mysql_fetch_array($this->query_id, MYSQL_ASSOC);
    $this->query_time = $this->stop();
		Return $array;
	}
  function querytime(){
    return $this->query_time;
  }
  function closelink(){
    if(!empty($this->query_id) && is_resource($this->query_id)){
      mysql_free_result($this->query_id);      
    }
    mysql_close($this->link);
  }
   
  //Parsetime stuff
	function gettime(){
		$time = microtime();
		$time = explode(" ", $time);
		Return $time[1]+$time[0];
	}
	function start(){
		$this->begin = $this->gettime();
	}
	function stop(){
		$this->eind = $this->gettime();
		Return number_format($this->eind - $this->begin, 6, ",", "");		 
	}
}

class loginmanager{
  
  function verify(){
    if(empty($_SESSION['ingelogd']) || $_SESSION['ingelogd'] != true){
      $this->makeloginscreen();
    }
  }
  function verify_ERR401(){
    if(empty($_SESSION['ingelogd']) || $_SESSION['ingelogd'] != true){
      header('HTTP/1.0 401 Unauthorized');
      die("HTTP/1.0 401 Unauthorized");
    }
  }
  function escape($input)
  {
    return htmlspecialchars($input, ENT_QUOTES);
  }
  function makeloginscreen(){
    $con = new database_connection();
    $con->connect("localhost", "root", "", "roconsult");
    
    if(isset($_POST['login']) && $_POST['login'] == "yes"){
      if(isset($_POST['username']) && $_POST['username'] != ""){
        $con->query("SELECT * FROM `employees` WHERE `username` = '".$this->escape($_POST['username'])."' LIMIT 0,1;");
        if(isset($_POST['password']) && $_POST['password'] != ""){
          $USER = $con->output();
          if(sha1($_POST['password']) == $this->escape($USER['password'])){	//Succesvol ingelogd
            $_SESSION['ingelogd'] = true;
            $_SESSION['userlevel'] = $USER['userlevel'];
            $_SESSION['empnr'] = $USER['Empnr'];
            header("Location: index.php");
          }else{												//Onsuccesvol ingelogd
            $_SESSION['ingelogd'] = false;
            header("Location: index.php?failed");
          }
        }
        else
        {
          $_SESSION['ingelogd'] = false;
          header("Location: index.php?failed");
        }
      }
      else
      {
        $_SESSION['ingelogd'] = false;
        header("Location: index.php?failed");
      }
      $con->closelink();
    }elseif(isset($_SESSION['ingelogd']) && $_SESSION['ingelogd'] == true){
      header("Location: index.php");
    }else{
      echo "<form action=\"#\" method=\"post\">\n";
      echo "\t<table>\n";
      echo "\t\t<tr>\n\t\t\t<td>Username:</td>\n\t\t\t<td><input type=\"text\" name=\"username\"></input></td>\n\t\t</tr>\n";
      echo "\t\t<tr>\n\t\t\t<td>Password:</td>\n\t\t\t<td><input type=\"password\" name=\"password\"></input></td>\n\t\t</tr>\n";
      echo "\t\t<input type=\"hidden\" name=\"login\" value=\"yes\">\n";
      echo "\t\t<tr>\n\t\t\t<td colspan=\"2\" align=\"right\"><input type=\"submit\" name=\"submit\" value=\"submit\"></td>\n\t\t</tr>\n";
      echo "\t</table>\n</form>";
      if (isset($_GET['failed'])) echo "<b>Login Failed</b>";
    }   
    die();
  }
}
class parsetime{
	
	var $begin = 0;
	var $eind = 0;

	function gettime(){
		$time = microtime();
		$time = explode(" ", $time);
		Return $time[1]+$time[0];
	}
	function start(){
		$this->begin = $this->gettime();
	}
	function stop(){
		$this->eind = $this->gettime();
		Return number_format($this->eind - $this->begin, 6, ",", "");		 
	}
}
function escape($input)
{
  return htmlspecialchars($input, ENT_QUOTES);
}
?>